Privacy Notice
Date of the latest revision: June 26, 2025This Privacy Notice has been designed to inform You (i.e. website visitor, end-user customer of our clients or Partners or data subject concerned by our processing activities) of our policies regarding the collection, use, and disclosure of personal data.
This privacy notice does not apply to personal data processing by N.Rich US Inc. If you are located in the United States or interacting with N.Rich US Inc., please refer to our separate US Privacy Notice.
N.Rich Technologies Oy (“N.Rich”, “IntentHub”, “we”, “us”, “our”) will be transparent with you about why and how we collect personal data.
This Privacy Notice applies exclusively to processing activities performed by N.Rich Technologies Oy while we operate as a “controller” or as a “processor” under the EU General Data Protection Regulation (GDPR) .
We have separate Privacy Policies for N.Rich clients using N.Rich software and for Potential Customers of N.Rich Technologies Products and Services.
Please note that this Privacy Notice may be revised and reissued from time to time. You should visit this page regularly to review the latest version.
- In brief
N.Rich intent data, sales intelligence and advertising services for Business-to-Business (B2B) companies. We process both personal- and behavioural data in order to enable serving advertising and content that is more relevant for your work and professional interests. We use cookies and similar technologies and you can opt-out at any time.
- What we do
We are N.Rich Technologies Oy, a Finnish company developing and operating / providing two software-as-a-service platforms called N.Rich and IntentHub. N.Rich is an Account-Based Go-To-Market software platform offering advertising, sales intelligence, and automation capabilities to B2B companies. IntentHub is an intent data software platform for sales, marketing and customer-success functions of B2B companies. What this means is that our customers use our services to be able to offer more relevant products, services and messages to their existing and potential customers through utilizing individual and company data, behavioural signals and targeted advertising capabilities we offer. We collect individual and company-level behavioral data from millions of websites globally, through programmatic advertising systems, our clients’ or partners’ websites or their customer relationship systems (CRM), and from our partners and augment this data using algorithms and machine-learning. We also deliver targeted advertising to companies and professionals through the said advertising systems.
In order to offer our service, we process three types of data; (i) “pseudonymised” data that alone can’t be associated with the end-user, such as IP-address or unique user identifiers, (ii) direct personal data that can be associated with the end-user such as name, email address, Linkedin profile or phone number, and (iii) online and offline activity data that may be associated with the two categories of personal data described above and may be used for creating personal behavioural profile of the end-user for marketing, sales and analytics purposes.
We process end-user personal and behavioural data in the business or professional role related to an organisation such as a company or individual associated with the latter as contractor, agent, employee etc. We do not have any interest in processing or understanding the end-user data or behaviour in “consumer mode” related to a non-business or professional role. Since it is often impossible to separate professional and “consumer mode data”, we are typically forced to process “consumer mode” data as well. Whenever possible, we take active steps to avoid processing “consumer mode” data.
We gather personal and activity data using three primary methods; (i) through a small piece of code called N.Rich Tag deployed on third party and our client websites, (ii) through integrations to our clients’ other software systems, and (iii) through our clients importing such data into the N.Rich software.
We use cookies and similar technologies to store unique end-user identifiers into your web browser. Cookies are used to ensure that we or our clients reach the right end-users with advertising and the advertising content the end-users see will be relevant. We also use cookies for maintaining a consistent profile of the end-users and their activities enabling serving personalised advertising or content, and for providing analytics related to the activities and potential interest of the end-users towards our-, or our clients’ business offering.
More information about the cookies used by N.Rich is available here.
If you use a Google, Facebook, Linkedin or Twitter account, these platforms may – depending on the settings saved in your account – link your web and app browser history with your personal account and use information from your personal account in order to personalise advertisements. You can find more detailed information on this matter from: Google’s Privacy Statement, Facebook’s Data Usage Policy, Linkedin Privacy Policy, and from Twitter’s Privacy Policy
N.Rich does not make decisions that produce legal effects or similarly significant consequences based solely on automated processing. However, profiling is used to group end-users by inferred professional attributes (e.g., company, job title, industry interest) for advertising or analytics, where used as described below.
- The role of N.Rich
Under the GDPR, N.Rich may fulfill simultaneously two alternative roles towards the end-users, depending on the personal data processed and its source;
- N.Rich operates as the “controller” in accordance with Article 4(7) of the GDPR with regards to the
following personal data:
- Unique user identifiers stored as Cookies as well as IP address data stored and collected when you visit other websites than those owned by our Clients.
- User identifiers stored as browser Cookies and IP address data collected when you visit the websites of our clients. For this data, N.Rich may also have the “processor” role defined in the next paragraph.
- N.Rich operates as the “processor” of personal data in accordance with Article 4(8) of the GDPR
with regards to the following personal data:
- User identifiers stored as Cookies and IP address data collected when you visit websites of our clients. For this data, depending on a contract between the Client and N.Rich, N.Rich may also have the “controller” role for such data as defined in the above paragraph.
- Any direct personal data processed by N.Rich for which our client or partner has the role of a controller, including for example name, email address, phone number or job title.
N.Rich has created a dedicated online service that allows end-users to verify what is the role fulfilled by N.Rich related to the processing of personal data pertaining to the given data subject. This online service is available at the following address: My data
- N.Rich operates as the “controller” in accordance with Article 4(7) of the GDPR with regards to the
following personal data:
- What personal data do we gather and process and what is the legal basis and
purpose?
We collect and process the following categories of personal information in the context of business and professional roles related to organizations, such as companies or individuals acting as contractors, agents, or employees. We do not intend to process data related to end-users in a “consumer mode”; however, due to the nature of data collection, it may be unavoidable. Since it is often impossible to separate professional and “consumer mode data”, we are typically forced to process “consumer mode” data as well. Whenever possible, we take active steps to avoid processing “consumer mode” data.
Therefore, we collect and process the following categories of personal information:
- Pseudonomysed Personal Information
- From third-party websites: IP addresses and unique user identifiers stored as cookies, collected automatically by the N.Rich Tag installed on third-party websites.
- From client websites: IP addresses and unique user identifiers stored as cookies, collected automatically by the N.Rich Tag installed on client websites.
This data alone cannot be associated with an individual, such as hashed user identifiers, IP addresses, unique user identifiers and anonymized behavioral signals.
- Direct personal information
- From client websites: Information pertaining to your professional capacity, such as your LinkedIn profile, obtained via a pixel installed on our clients' websites.
- From our clients: Business customer data collected in accordance with our clients' own privacy policies, including name, business email address, phone number, or job title. This data comes through integrations with clients' software systems or through direct import into the N.Rich platform.
- Activity data
- Online activity: Information about which third-party or client-hosted web pages you visit and your interactions with them or related advertisements. This includes information about emails you receive from us or our clients and how you engage with such communications.
- Behavioral and interaction data: Online and offline activity data that may be associated with the other categories listed above and used for creating personal behavioral profiles for marketing, sales, and analytics purposes.
- Other interactions: Information stored within our clients' systems about your interactions, such as phone calls or meetings.
- Geolocation data: Location information derived from your IP address.
We do not intentionally collect or process special categories of personal data as defined by GDPR.
A more detailed breakdown of the personal data collected is available in the table below.
Category Data Source Data Collected Purpose Our role and legal basis Pseudonymised personal information of end-users. Third-party websites (collected automatically by the N.Rich Tag) or imported from the CRM of our Clients to our platform. IP addresses, unique user identifiers stored as cookies, web pages visited, interaction with web pages, email interactions. Personalized marketing, campaign performance analysis, and customer engagement optimization strategy. N.Rich is a processor.
The legal basis is established by our Clients who are the controllers.Pseudonymised Personal Information of end-users. Client websites (collected automatically by the N.Rich Tag). IP addresses, unique user identifiers stored as cookies. Personalized marketing, campaign performance analysis, and customer engagement optimization strategy. N.Rich is a controller. The legal basis is either consent (obtained via the IAB Europe Transparency & Consent Framework) or legitimate interests ((i.e. to optimize marketing efforts), where legally feasible. When relying on legitimate interest, N.Rich conducts a balancing test in accordance with Article 6(1)(f) and Recital 47 of the GDPR. The processing is limited to B2B targeting scenarios, excludes special categories of data, and includes appropriate safeguards to mitigate the impact on the rights and freedoms of data subjects. Direct personal information of end-users Clients (collected through client software integrations where our clients import data into our platform). Business customer data: name, business email address, phone number, job title, professional capacity information (e.g., LinkedIn profile). Understanding customer engagement, improving marketing effectiveness. N.Rich is a processor.
The legal basis is established by our Clients who are the controllers.Behavioral data Clients (collected through client software integrations where our clients import data into our platform). Website activity (our clients, partner or third-parties)
Social media messages/engagement
Client interaction data (emails, calls, meetings logged in CRM and shared with N.Rich)Personalized marketing, tailored communications to meet user preferences. N.Rich is a processor.
The legal basis is established by our Clients who are the controllers.Direct personal data Provided directly by individuals contacting us. Contact details (e.g., name, email address) (obtained directly from individuals contacting N.Rich) Support and communication, responding to inquiries. N.Rich is a controller.
The legal basis is your implied consent as we have to respond to inquiries or provide customer support.Event Logs N.Rich website/platform (Collected directly from platform users during interactions). - Date/Time Stamp;
- Application ID (e.g. name and version);
- Initiating Process ID or event origination (e.g. entry point URL, page, form);
- Code location (e.g. module, subroutine);
- User initiating action (e.g. user ID);
- Location (e.g. IP address or location);
- User preference when users provide their consent
Data security, ensuring the security and integrity of systems. N.Rich is a controller.
Our legal basis is the legal obligation (security and system integrity) and legitimate interests (prevent unauthorized access).TC String / Consent Signals Consent Management Platforms / Client Website User preferences To understand end-users’ preferences related to its personal data. Joint Controller (with IAB Europe) – Art. 6(1)(a) GDPR (Consent) We collect various kinds of behavioral data and associate these data with your personal details in order to enable us, or our clients, to serve your needs better and to deliver more relevant and personalised communications to you (e.g. advertising, emails, person-to-person communications). This processing is specifically designed for business-to-business contexts and focuses exclusively on professional rather than personal characteristics. All such processing incorporates appropriate technical safeguards, including pseudonymization techniques.
- Pseudonomysed Personal Information
- IAB TCF Policy Attestation
As already indicated above, N.Rich participates in the IAB Transparency and Consent Framework and complies with its Specifications and Policies.
The IAB Europe Transparency & Consent Framework (TCF) is an industry standard for obtaining user consent under the EU's General Data Protection Regulation and providing transparency into online advertising data practices.
As a participant in the TCF, N.Rich commits to adhering to the TCF Policies and implementing the technical Specifications published by IAB Europe. This allows us to obtain, document, and respect user preferences for data processing in support of the digital advertising ecosystem. N.Rich’s participation in IAB’s TCF and compliance with its Policies and Specifications includes, in particular, the following:
- Registering with IAB Europe as a Framework participant.
- Integrating with a registered Consent Management Platform (CMP) to surface and honor transparency and consent signals.
- Disclosing our data processing activities aligned with standard TCF purposes and special purposes.
- Respecting user choices and objections communicated via TCF technical signals.
N.Rich's identification number on the Global Vendor List, which enumerates TCF-registered companies, is 20.
This framework is particularly important for our advanced capabilities such as professional profile recognition, ensuring that we obtain and honor appropriate consent for any personal data processing activities related to these services.
Following the Belgian Market Court's ruling of May 14, 2025, it has been confirmed that TC Strings (digital signals containing user preferences) are considered personal data, and that IAB Europe acts as a joint controller together with TCF participants (such as N.Rich) specifically in relation to the creation and use of TC Strings. The Market Court has importantly clarified that IAB Europe is not a joint controller for subsequent data processing performed for purposes such as digital advertising.
Contact our Data Protection Officer at privacy@n.rich for any questions related to our TCF compliance and participation.
- How do we share your information
We have disclosed non-identifiable personal data, which is described above, for a business purpose to the following categories of third parties:
- our partners who assist us in providing better services and enhance our operational efficiency and marketing activities or, from time to time use third parties to assist us with data processing, software development, hosting, database management and administrative tasks related to the processing activities described in this document. These third parties may be permitted to access your information, but they may only do so to perform these tasks on our behalf and are not allowed to disclose or use your information for any other purpose.
- our clients for the above-mentioned purposes and for carrying out related or complementary activities such as advertisement delivery or analytics;
- our sub-processors / service providers that were contracted to perform certain services on our behalf, such as data processing, analytics, advertising, and communication services.
It is important to highlight that we will not collect additional categories of personal dataor use it for materially different, unrelated, or incompatible purposes without providing you notice.
In addition, N.Rich may receive requests from law enforcement agencies or institutions as required by applicable law, court order, or governmental regulations. These requests may be necessary to investigate an alleged crime, to establish, exercise or defend legal rights. However, N.Rich will only fulfill such requests when allowed by the applicable law.
- Consumer and data subject rights
End-users, residents in the EEA protected by the GDPR of whom personal data is processed by N.Rich have the following rights as described hereunder:
-
Right of access
The right to request from N.Rich confirmation as to whether or not personal data concerning them are processed by N.Rich. If that is the case, N.Rich’s end-users can request and get access to that personal data that was collected in accordance with the GDPR . End-users can request a copy of all the personal data you had shared with us in a machine-readable format at any time. When requesting such information, if based on pseudonymised data, such as a cookie identifier or IP address, we will not share any information without a concrete proof of association of such pseudonymised data to the specific individual. Please direct such requests by email to: privacy@n.rich.
-
Right to rectification
The right to request rectification of any inaccurate personal data that is processed by N.Rich. End-users have the right to provide additional personal data that is necessary to complete any missing information. End-users can do this by sending an email to privacy@n.rich.
-
Right to erasure
End-users are given the possibility to be able to completely or partially delete their personal data that is processed by N.Rich. The GDPR right only applies if this request meets one of six specific conditions as described under Article 17 of the GDPR.
-
Right to object to, or limit to restrict, the use of data
The personal data collected by N.Rich is based on the consent that was offered by the end-user. The end-user can at any time object to further processing of its personal data by N.Rich. End-users can contact N.Rich at privacy@n.rich for this purpose.
-
Right to filing complaints
End-users of personal data that N.Rich is processing must be aware that they can file complaints with the relevant data protection authority in their country in relation to N.Rich’s processing of their personal data. More information about this is available at the following address: https://edpb.europa.eu/about-edpb/board/members_en.
To exercise your rights described above, please submit a verifiable request to us by sending us a letter on email privacy@n.rich. We endeavor to respond to a verifiable request within one month of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have not provided an email address, but have provided a mailing address, we will deliver our written response by mail. If you have provided an email account, we will deliver our written response to that email. We are not taking any responsibility for delivery failures because of faulty email or mailing addresses. Please note, however, that due to the anonymization and pseudonymization measures explained above, we are usually not in a position to identify you as a data subject and thus not able or required to fulfill the above-mentioned requests. Please contact us for any inquiries related to exercising the above rights.
-
- Children’s Privacy
N.Rich takes the protection of children’s privacy very seriously. N.Rich does not process personal data of persons under the age of 18. If N.Rich is informed about the processing of such personal data from a child under the relevant age without parental consent, we would take all reasonable steps to delete that data.
- Protection of Personal Data
N.Rich takes the security of all data it processes very seriously as the security of the foregoing data is at the heart of N.Rich’s concern. We had put in place a framework of policies, procedures, and training to cover professional secrecy, data protection, confidentiality and security. A regular audit of the appropriateness of the measures is put in place to keep the data secure.
Your information is stored in accordance with this Privacy Notice and any applicable laws in secure locations and servers within the European Economic Area as follows:
- Strict security measures are applied to ensure the confidentiality and integrity of your personal data when we process it. N.Rich follows strict data security procedures defined in ISO/IEC 27002 information security standards.
- We use physical, technical and organizational measures to counter the risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data.
- Only designated persons and a limited amount of our personnel have access to the information. Our personnel have been trained to observe data security in their work. Where your personal data needs to be disclosed to our subcontractors, we require them to process and safeguard the data in a manner consistent with applicable laws and this Privacy Notice.
Despite our continuous efforts to protect your personal data, you should acknowledge that:
- Due to the fast development of the IT development sector, in particular, in the security and privacy sector of the Internet, there are limitations which are beyond our control;
- The security, stability of the IT systems, and privacy of the information processed cannot be guaranteed; and
- Any such information and data may be read or interfered with a third-party, despite our continuous efforts to avoid that.
- Data retention
We retain your information, related to your data, only for as long as is necessary for the purposes detailed in this notice or in accordance with the retention period set by our clients when we process personal data on their behalf. When this personal data is no longer required, N.Rich will delete it in a secure manner.
N.Rich may also process personal data for statistical and algorithm / machine learning training purposes, but in such cases, the data will be anonymised.
Please note that the lifetime of the cookies that we set is 540 days and it will be reset every time you visit a website or see an advertisement with our tracking code. So unless you delete the cookies yourself, the cookies we set may take up to 540 days to expire from the last time you visited a web page with our tracking code.
- Transfer of data to third countries
Personal data of EEA (European Economic Area) residents may be transferred to our sub-processors, which are based / process this data outside the EEA under strict compliance rules pursuant to the GDPR. We ensure that all necessary measures have been taken in order to protect the personal data in accordance with the applicable law.
The personal data is only transferred if the recipient ensures an adequate level of protection for the rights and freedoms of the data subjects or the transfer is performed in accordance with Chapter V of the GDPR and in particular, with any of the safeguards that are provided under Article 46 of the GDPR.
For certain advanced capabilities, processing may involve data transfers outside the EEA. Such transfers occur only when essential for providing the requested services and are conducted with appropriate safeguards. We implement strict contractual controls with our processors and sub-processors in accordance with Article 46 of the GDPR to ensure equivalent protection of personal data.
- Changes to this statement
We are aware that transparency and accountability are an ongoing responsibility, therefore, this Privacy Policy will be kept under regular review. Any changes to this Privacy Notice will be published on our website. We encourage you to periodically review it in order to be informed.
- Contact information
Company N.Rich Technologies Oy, a Finnish limited liability company
Business ID: 2624746-6
Software platform name N.Rich Website https://n.rich Privacy center https://n.rich/privacy-center Email address privacy@n.rich Postal address c/o TulosSatama Oy, Kirkkokatu 1, 70100 Kuopio, Finland We are happy to answer if you have any questions about this Privacy Notice or our data processing practices.
- Other N.Rich Privacy Notices